OpenAI has introduced Atlas, a new web browser that integrates its ChatGPT technology, currently available for Apple computers. The browser features an "agentic mode" designed to perform various tasks for users, such as analyzing recipes and facilitating online purchases. This integration has led to discussions regarding user data privacy, given Atlas's ability to interact with user emails and cloud documents, and its capacity to retain "browser memories." Experts have also identified "prompt injections" as a potential security vulnerability within AI browsers, a risk OpenAI acknowledges and is working to address.
Browser Functionality
OpenAI CEO Sam Altman stated that artificial intelligence presents an opportunity to redefine the browser experience. Atlas is designed to go beyond traditional web navigation by leveraging its integrated ChatGPT in an "agentic mode." This mode enables the browser to perform advanced actions on behalf of the user. Demonstrated capabilities include analyzing an online recipe, calculating required ingredients for a specified number of diners, and facilitating the online purchase of those ingredients. Other potential actions include making reservations or purchasing tickets.
Data Privacy Considerations
The integration of ChatGPT within Atlas has prompted discussions regarding user data privacy. The browser is capable of interacting with user services such as email and Google Docs, and it stores "browser memories" from visited websites. OpenAI has indicated that this data collection is intended to enhance user understanding.
Anil Dash, a technology entrepreneur, suggested that the design of Atlas could facilitate increased access to user data for large language models, stating his belief that more information might be transmitted to OpenAI than is evident to the user.
Lena Cohen, a Technologist at the Electronic Frontier Foundation (EFF), raised concerns about AI browsers operating in agentic mode. Cohen noted that users might transfer more control to OpenAI than initially perceived, and that managing data once it is stored on OpenAI’s servers could become complex. She described the agentic AI mode as significantly escalating privacy risks.
OpenAI has stated that the default setting for Atlas does not utilize information accessed via the browser for training its AI models; however, users have the option to consent to this use.
Security Concerns: Prompt Injections
Experts have identified "prompt injections" as a potential security risk in AI browsers. Cohen described prompt injections as malicious instructions embedded within web pages that an AI agent could be induced to execute. Examples include an agent being directed to purchase an unintended product or to disclose credit card information. OpenAI acknowledges prompt injection as an unresolved issue and reports ongoing efforts to train its models to disregard such instructions.
Industry Perspective
Chirag Shah, a professor at the University of Washington's Information School, commented on the rapid development of AI with minimal regulatory frameworks, noting potential implications for users.